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Remarks 

Claims 1-7, 9-32, and 34-45 are pending. 
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Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the 
fee set forth in 37 CFR 1 .17(e), was filed in this application after final rejection. 
Since this application is eligible for continued examination under 37 CFR 1.114, 
and the fee set forth in 37 CFR 1 .1 7(e) has been timely paid, the finality of the 
previous Office action has been withdrawn pursuant to 37 CFR 1 .1 14. 
Applicant's submission filed on 8/27/2009 has been entered. 

Response to Arguments 

2. Applicant's arguments filed 8/27/2009 have been fully considered but they 
are not persuasive. 

Applicant argues that Jamtgaard provides no discussion whatsoever 
regarding trust or levels of trust. It is noted that the instant application does not 
define what a "level of trust" comprises. Based on the teachings of the instant 
application, however, the level of trust is meant only to provide for grouping or 
different functionality (such as generating a signature from different parameters, 
for example), but never actually limits any access based on this level of trust. 

Therefore, this level of trust can be virtually any data that is desired to be 
used in order to group devices or provide different information in a signature, for 
example. In one exception, actual trust is taken into consideration. This 
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exception is the first level of trust, in that a trusted device identifier is provided 
and a gateway is trusted above a defined level. The other 2 levels of trust 
(second and third in claim 1) are levels of trust in name only, stating a capability 
or characteristic of the device, such that a cookie may be provided to the device 
(or the cookie could be used in signature generation) or a munged URL could be 
provided to the device. There is nothing in the application as originally filed tying 
these capabilities into any authentication or trust determination (such that a 
device is less trusted if it does not accept cookies). As one can see from the 
above, regarding claim 1, only the first level of trust need provide any trust in any 
entity; the other levels of trust being capability determinations that have nothing 
to do with trusting anything. In its broadest reasonable interpretation, the levels 
of trust discussed in the claims are merely indicators that may provide for 
separate processing (it is noted that no separate processing is provided in claim 
1 , for example, but a signature is generated no matter what level of trust is 
provided) or grouping. Except as otherwise indicated in the claims (e.g. first level 
of trust in claim 1 ), this is how a level of trust has been construed. 

Furthermore, Aura teaches that "trust parameters specify any information 
about the mobile nodes that base station 1 wishes to pass on to base station 2 
(or any other base station)" (Column 9, line 66 to Column 10, line 1). Therefore, 
any information about mobile nodes may be used as a trust parameter in Aura, 
such information clearly extending to browser capabilities. 

Further still, the application as originally filed appears to correlate a default 
level of trust to any device, based on an ability to interact with a URL, for 
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example. This appears to be an inherent feature of a device that is used within 
the system, however. It is never actually determined whether a device can 
interact with a URL, this functionality is assumed to be within the device. This is 
further noted by the claims, in that claim 1 , for example, refers to "automatically 
determining at least one level of trust...". There is no possibility in claim 1 that 
zero levels of trust are determined. The application as originally filed discusses 
determining whether a device is enabled to deal with cookies (page 12, lines 21- 
22) and determining if a trusted mobile device ID has been received (page 12, 
lines 9-10), and determining a level of trust based on such determination. 
However, the third level of trust is merely provided to any device as a default 
level (either if the device fails the above described determinations or in addition 
to them). Figure 3 shows this further, in that there is a determination as to 
whether the device if Tier 1 or Tier 2, but no determination as to whether the 
device is Tier 3. If the device is neither Tier 1 nor Tier 2, a Tier 3 signature is 
automatically determined with no other option. Therefore, there is no actual 
determination of whether the device is enabled to interact with a URL, but this is 
merely an inherent feature in any device used within the instant application. 

Although Applicant's arguments have not been considered persuasive, the 
Examiner has applied new grounds of rejection based upon newly found art. 



Claim Rejections - 35 USC § 101 
35 U.S.C. 101 reads as follows: 
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Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent 
therefor, subject to the conditions and requirements of this title. 

3. Claims 1 8-25 are rejected under 35 U.S.C. 1 01 because the claimed 
invention is directed to non-statutory subject matter. Claim 18 is directed to "a 
client adapted for a mobile device...". A client is described in the specification as 
being computer code, for example, page 6, lines 6-7 stating that "The client may 
further operate within a processor". This client is clearly not a machine, process, 
article of manufacture, or composition of matter. Therefore, it is non-statutory. 
Claims 19-25, dependent from claim 18, are also non-statutory. This could be 
fixed, for example, by creating a device claim, where the preamble could read "A 
mobile device...", and by providing the appropriate elements for tying in the code 
described in the claim with the device. As an example, adding a processor that 
executes the code, and a storage medium that stores the code appears as 
though it would suffice. As of now, however, claim 18 is directed to purely code, 
even though it is "adapted for" a mobile device, it does not include any physical 
component to make it an apparatus. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 1 02 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 



Application/Control Number: 10/767,004 Page 6 

Art Unit: 2437 

4. Claims 1,3,4, 9-1 2,14,1 5, 26-30, 32, 35-38, and 40-45 are rejected 
under 35 U.S.C. 103(a) as being unpatentable over Aura (U.S. Patent 6,947,725) 
in view of Kou (U.S. Patent 7,21 6,236) and Buhle (U.S. Patent 6,286,1 04). 
Regarding Claim 1, 

Aura discloses a method of managing a communication with 
a mobile device over a network, comprising: 

Receiving a request from the mobile device, wherein the 
request includes associated information (Column 5, line 58 to 
Column 6, line 13; and Column 7, line 42 to Column 8, line 23) and 
further receiving a gateway group identifier for a carrier gateway 
that is associated with the mobile device request (Column 4, lines 
32-65; Column 9, line 43 to Column 10, line 27; and Column 13, 
line 64 to Column 15, line 6); 

Automatically determining at least one level of trust from a 
plurality of different levels of trust based, in part, on the associated 
information (Column 5, line 58 to Column 6, line 13; and Column 7, 
line 42 to Column 8, line 23), and based on: 

Using the associated information, determining if a trusted 
mobile device identifier associated with the mobile device is 
received (Column 9, line 43 to Column 1 0, line 27; and Column 1 3, 
line 64 to Column 15, line 6); 

If the trusted mobile device identifier associated with the 
mobile device is received, then determining at least a first level of 
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trust associated with the mobile device (Column 9, line 43 to 
Column 10, line 27; and Column 13, line 64 to Column 15, line 6); 

If the mobile device is enabled to access the Internet, then 
determining at least a third level of trust associated with the mobile 
device (Column 3, line 31 to Column 4, line 1 1 ; Column 7, line 42 to 
Column 8, line 23; and Column 9, lines 4-19); 

Determining at least one device signature for the mobile 
device based on the at least one level of trust from the plurality of 
different levels of trust, and independent of user authentication, the 
at least one device signature being useable to enable the mobile 
device to perform an action over the network associated with the 
request (Column 7, line 42 to Column 8, line 23; and Column 9, line 
43 to Column 10, line 27); 

Kou, however, discloses using associated information of a 
request, determining a capability of the mobile device, including 
determining if the mobile device is enabled to accept a cookie, and 
determining if the mobile device is enabled to interact with a URL 
(Column 9, lines 23-42; and Column 15, lines 40-54); 

If the mobile device is enabled to accept a cookie, then 
determining at least a second level of trust associated with the 
mobile device (Column 9, lines 23-42; server requiring cookies to 
be enabled, and informing the client to enable cookies; if cookies 
remain disabled, the client is not allowed access); and 
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If the mobile device is enabled to interact with a URL, then 
determining at least a third level of trust associated with the mobile 
device (Column 9, lines 23-42; and Column 15, lines 40-54; the 
client sending a request including a URL and/or the client using a 
specific URL format (e.g. HTTP or HTTPS) when HTTPS is 
required and the server ensuring that HTTPS is used). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the secure session 
management techniques of Kou into the mobile authentication 
system of Aura in order to allow the system to enforce certain 
security restrictions, such as forcing clients to use a secure 
protocol, such as HTTPS, in order to access certain information, 
thereby ensuring security of the information that is to be protected. 

Buhle, however, discloses receiving a gateway group 
identifier for a gateway that is associated with the mobile device 
request; using the gateway group identifier, determining if the 
carrier gateway is trustable above a defined level; and determining 
levels of trust based on both a device ID and whether the gateway 
is trustable above the defined level (Column 5, line 25 to Column 6, 
line 25; Column 6, lines 61-67; and Column 8, lines 20-52). It 
would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the authentication and 
authorization system of Buhle into the mobile authentication system 
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of Aura as modified by Kou in order to provide a highly dynamic 
system of roles and permissions such that a device connecting 
directly to a data server will have one set of roles/permissions and 
when the device connects through certain middle-tier servers, the 
roles and permissions change based on each server through which 
the connection is made, thereby providing a high degree of 
security, auditing, and dynamic system behavior based upon how 
the user connects to the system. 

Regarding Claim 3, 

Aura as modified by Kou and Buhle discloses the method of 
claim 1, in addition, Aura discloses that the associated information 
comprises at least one of a device identifier, user agent information, 
and an indication that the mobile device is enabled to accept a 
cookie (Column 9, line 43 to Column 10, line 27; and Column 13, 
line 64 to Column 15, line 6). 

Regarding Claim 4, 

Aura as modified by Kou and Buhle discloses the method of 
claim 3, in addition, Aura discloses that the associated information 
further comprises at least one of a gateway group identifier and a 
subscription identifier (Column 9, line 43 to Column 10, line 27; and 
Column 13, line 64 to Column 15, line 6). 

Regarding Claim 9, 
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Aura as modified by Kou and Buhle discloses the method of 
claim 1, in addition, Aura discloses that the mobile device identifier 
is at least one of a MIN, ESN, application serial number, or a 
mobile telephone number (Column 1 3, line 64 to Column 1 5, line 
6). 

Regarding Claim 10, 

Aura as modified by Kou and Buhle discloses the method of 
claim 1 , in addition, Aura discloses that determining at least one 
device signature further comprises if the first level of trust is 
determined, determining a first tier device signature based, in part, 
on a hash of at least one of a subscription identifier, the gateway 
group identifier, a user agent identifier, and a time stamp (Column 
9, line 43 to Column 10, line 27; and Column 13, line 64 to Column 
15, line 6). 

Regarding Claim 11, 

Aura as modified by Kou and Buhle discloses the method of 
claim 1 , in addition, Aura discloses that determining at least one 
device signature further comprises if the second level of trust is 
determined, determining a second tier device signature based, in 
part, on a hash of at least one of a cookie, the gateway group 
identifier, a user agent identifier, and a time stamp (Column 9, line 
43 to Column 10, line 27; and Column 13, line 64 to Column 15, 
line 6). 
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Regarding Claim 12, 

Aura as modified by Kou and Buhle discloses the method of 
claim 1 , in addition, Aura discloses that determining at least one 
device signature further comprises if the third level of trust is 
determined, determining a third tier device signature based, in part, 
on a hash of at least one of the gateway group identifier, a user 
agent identifier, a server identifier, a process identifier, a random 
number, and a time stamp (Column 9, line 43 to Column 10, line 
27; and Column 13, line 64 to Column 15, line 6). 

Regarding Claim 14, 

Aura as modified by Kou and Buhle discloses the method of 
claim 1 , in addition, Aura discloses that determining at least one 
device signature further comprises employing a hash function 
selected from at least one of a message digest, SHA, DES, 3DES, 
HAVAL, RIPEMD, and Tiger hash function (Column 4, lines 58-62). 

Regarding Claim 15, 

Aura as modified by Kou and Buhle discloses the method of 
claim 1 , in addition, Aura discloses expiring the at least one device 
signature based, in part, on a predetermined period of time 
associated with each of the at least one device signature (Column 
9, line 43 to Column 10, line 27). 

Regarding Claim 26, 
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Aura discloses a server for managing a communication with 
a mobile device over a network comprising: 

A transceiver for receiving a request from the mobile device 
and for sending at least one device signature to the mobile device 
(Column 5, line 58 to Column 6, line 13; and Column 7, line 42 to 
Column 8, line 23); and 

A transcoder that is configured to perform actions including: 

Receiving the request from the mobile device, wherein the 
request includes associated information (Column 5, line 58 to 
Column 6, line 13; and Column 7, line 42 to Column 8, line 23); 

Receiving a gateway group identifier for a carrier gateway 
(Column 4, lines 32-65; Column 9, line 43 to Column 10, line 27; 
and Column 13, line 64 to Column 15, line 6); 

Automatically determining at least one level of trust from a 
plurality of different levels of trust based, in part, on the associated 
information (Column 5, line 58 to Column 6, line 13; and Column 7, 
line 42 to Column 8, line 23) and further based on: 

If a trusted mobile device identifier associated with the 
mobile device is received, then determining at least a first level of 
trust associated with the mobile device (Column 9, line 43 to 
Column 10, line 27; and Column 13, line 64 to Column 15, line 6); 

If the mobile device is enabled to access the Internet, then 
determining at least a third level of trust associated with the mobile 
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device (Column 3, line 31 to Column 4, line 1 1 ; Column 7, line 42 to 
Column 8, line 23; and Column 9, lines 4-19); and 

Determining the at least one device signature for the mobile 
device based on the at least one level of trust of the plurality of 
different trust levels, wherein the at least one device signature is 
independent of user authentication (Column 7, line 42 to Column 8, 
line 23; and Column 9, line 43 to Column 10, line 27); 

But does not explicitly disclose determining if the mobile 
device is enabled to accept a cookie; determining if the mobile 
device is enabled to interact with a URL; receiving the gateway 
group identifier from the carrier gateway, and determining if the 
carrier gateway is trustable. 

Kou, however, discloses determining if the mobile device is 
enabled to accept a cookie, and if the mobile device is enabled to 
accept a cookie, then determining at least a second level of trust 
associated with the mobile device (Column 9, lines 23-42); and 

Determining if the mobile device is enabled to interact with a 
URL, and if the mobile device is enabled to interact with a URL, 
then determining at least a third level of trust associated with the 
mobile device (Column 9, lines 23-42; and Column 15, lines 40-54). 
It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the secure session 
management techniques of Kou into the mobile authentication 



Application/Control Number: 10/767,004 Page 
Art Unit: 2437 

system of Aura in order to allow the system to enforce certain 
security restrictions, such as forcing clients to use a secure 
protocol, such as HTTPS, in order to access certain information, 
thereby ensuring security of the information that is to be protected. 

Buhle, however, discloses receiving, from a gateway 
associated with a request from a mobile device, a gateway group 
identifier for the gateway and determining levels of trust based on 
both a device ID and whether the gateway is determined to be 
trustable (Column 5, line 25 to Column 6, line 25; Column 6, lines 
61-67; and Column 8, lines 20-52). It would have been obvious to 
one of ordinary skill in the art at the time of applicant's invention to 
incorporate the authentication and authorization system of Buhle 
into the mobile authentication system of Aura as modified by Kou in 
order to provide a highly dynamic system of roles and permissions 
such that a device connecting directly to a data server will have one 
set of roles/permissions and when the device connects through 
certain middle-tier servers, the roles and permissions change 
based on each server through which the connection is made, 
thereby providing a high degree of security, auditing, and dynamic 
system behavior based upon how the user connects to the system. 
Regarding Claim 27, 

Aura as modified by Kou and Buhle discloses the server of 
claim 26, in addition, Aura discloses that the transcoder is 
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configured to perform actions comprising receiving gateway 
information, wherein the gateway information is associated with a 
carrier gateway for the mobile device; and determining the at least 
one level of trust based, in part, on the associated information and 
the gateway information (Column 4, lines 32-65; Column 9, line 43 
to Column 10, line 27; and Column 13, line 64 to Column 15, line 
6). 

Regarding Claim 28, 

Aura as modified by Kou and Buhle discloses the server of 
claim 26, in addition, Aura discloses that determining the at least 
one device signature comprises if the first level of trust is 
determined, determining a first tier device signature based, in part, 
on a hash of at least one of a subscription identifier, the gateway 
group identifier, a user agent identifier, and a time stamp (Column 
9, line 43 to Column 10, line 27; and Column 13, line 64 to Column 
15, line 6). 

Regarding Claim 29, 

Aura as modified by Kou and Buhle discloses the server of 
claim 26, in addition, Aura discloses that determining the at least 
one device signature further comprises if the second level of trust is 
determined, determining a second tier device signature based, in 
part, on a hash of at least one of a cookie, the gateway group 
identifier, a user agent identifier, and a time stamp (Column 9, line 
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43 to Column 10, line 27; and Column 13, line 64 to Column 15, 
line 6). 

Regarding Claim 30, 

Aura as modified by Kou and Buhle discloses the server of 
claim 26, in addition, Aura discloses that determining the at least 
one device signature further comprises if the third level of trust is 
determined, determining a third tier device signature based, in part, 
on a hash of at least one of the gateway group identifier, a user 
agent identifier, a server identifier, a process identifier, a random 
number, and a time stamp (Column 9, line 43 to Column 10, line 
27; and Column 13, line 64 to Column 15, line 6). 

Regarding Claim 32, 

Aura as modified by Kou and Buhle discloses the server of 
claim 26, in addition, Aura discloses that determining the at least 
one level of trust further comprises determining the second level of 
trust based at least one of the gateway identifier, and a user agent 
(Column 9, line 43 to Column 10, line 27; and Column 13, line 64 to 
Column 15, line 6). 

Regarding Claim 35, 

Aura discloses a system for managing a communication with 
a mobile device over a network comprising: 
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The mobile device configured to provide information 
associated with the mobile device (Column 5, line 58 to Column 6, 
line 13; and Column 7, line 42 to Column 8, line 23); and 

A server, coupled to a carrier gateway, that is configured to 
receive the associated information and to perform actions (Column 
4, lines 32-65; Column 5, line 58 to Column 6, line 13; and Column 
7, line 42 to Column 8, line 23), including: 

Automatically determining at least two different levels of trust 
from a plurality of different levels of trust based, in part, on the 
associated information (Column 5, line 58 to Column 6, line 13; and 
Column 7, line 42 to Column 8, line 23), wherein the at least two 
different levels of trust are based on: 

If a trusted mobile device identifier associated with the 
mobile device is received, then determining at least a first level of 
trust associated with the mobile device (Column 9, line 43 to 
Column 10, line 27; and Column 13, line 64 to Column 15, line 6); 
and 

Determining another level of trust associated with the mobile 
device (Column 5, line 58 to Column 6, line 13; and Column 7, line 
42 to Column 8, line 23); and 

Initially determining at least two different device signatures 
for the mobile device each of the two device signatures being 
based on a different one of the at least two different levels of trust, 



Application/Control Number: 10/767,004 Page 
Art Unit: 2437 

wherein the at least two device signatures are each determined 
independent of user authentication (Column 5, line 58 to Column 6, 
line 13; and Column 7, line 42 to Column 8, line 23); 

But does not appear to explicitly disclose determining if the 
mobile device is enabled with a defined operational capability, 
wherein the other level of trust is determined based on at least one 
of a determination that the mobile device is enabled to accept a 
cookie and a determination that the mobile device is enabled to 
interact with a URL, and determining if a gateway group identifier 
associated with a carrier gateway is trustable. 

Kou, however, discloses determining if the mobile device is 
enabled with a defined operational capability and if the mobile 
device is so enabled, then determining another level of trust 
associated with the mobile device, wherein the other level of trust is 
determined based on at least one of a determination that the mobile 
device is enabled to accept a cookie and a determination that the 
mobile device is enabled to interact with a URL (Column 9, lines 
23-42; and Column 15, lines 40-54). It would have been obvious to 
one of ordinary skill in the art at the time of applicant's invention to 
incorporate the secure session management techniques of Kou into 
the mobile authentication system of Aura in order to allow the 
system to enforce certain security restrictions, such as forcing 
clients to use a secure protocol, such as HTTPS, in order to access 
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certain information, thereby ensuring security of the information that 
is to be protected. 

Buhle, however, discloses determining levels of trust based 
on both a device ID and whether a gateway group identifier 
associated with a carrier gateway is determined to be trustable 
(Column 5, line 25 to Column 6, line 25; Column 6, lines 61-67; and 
Column 8, lines 20-52). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to 
incorporate the authentication and authorization system of Buhle 
into the mobile authentication system of Aura as modified by Kou in 
order to provide a highly dynamic system of roles and permissions 
such that a device connecting directly to a data server will have one 
set of roles/permissions and when the device connects through 
certain middle-tier servers, the roles and permissions change 
based on each server through which the connection is made, 
thereby providing a high degree of security, auditing, and dynamic 
system behavior based upon how the user connects to the system. 
Regarding Claim 36, 

Aura as modified by Kou and Buhle discloses the system of 
claim 35, in addition, Aura discloses that determining the at least 
two device signatures further comprises determining a tier 1 device 
signature based, in part, on a hash of at least one of a subscription 
identifier, the gateway group identifier, a user agent identifier, and a 
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time stamp (Column 9, line 43 to Column 10, line 27; and Column 
13, line 64 to Column 15, line 6). 

Regarding Claim 37, 

Aura as modified by Kou and Buhle discloses the system of 
claim 35, in addition, Aura discloses that determining the at least 
two device signatures further comprises determining a tier 2 device 
signature based, in part, on a hash of at least one of a cookie, the 
gateway group identifier, a user agent identifier, and a time stamp 
(Column 9, line 43 to Column 10, line 27; and Column 13, line 64 to 
Column 15, line 6). 

Regarding Claim 38, 

Aura as modified by Kou and Buhle discloses the system of 
claim 35, in addition, Aura discloses that determining the at least 
two device signatures further comprises determining a tier 3 device 
signature based, in part, on a hash of at least one of the gateway 
group identifier, a user agent identifier, a server identifier, a process 
identifier, a random number, and a time stamp (Column 9, line 43 to 
Column 10, line 27; and Column 13, line 64 to Column 15, line 6). 

Regarding Claim 40, 

Aura as modified by Kou and Buhle discloses the system of 
claim 35, in addition, Aura discloses the carrier gateway, coupled to 
the mobile device, that is configured to receive the associated 
information, and provide the associated information and gateway 
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information related to the carrier gateway (Column 4, lines 32-65; 
and Column 13, line 64 to Column 15, line 6); and Buhle discloses 
that the gateway is coupled to the mobile device and is configured 
to receive associated information and provide the associated 
information and gateway information, including the gateway group 
identifier, related to the gateway (Column 5, line 25 to Column 6, 
line 25; Column 6, lines 61-67; and Column 8, lines 20-52). 
Regarding Claim 41, 

Aura discloses a computer readable storage medium for 
communicating with a mobile device, the computer readable 
storage medium having computer executable instructions stored 
thereon that when installed into a computing device enable the 
computing device to perform actions, comprising: 

Receiving a request from the mobile device, wherein the 
request includes associated information (Column 5, line 58 to 
Column 6, line 13; and Column 7, line 42 to Column 8, line 23) and 
further receiving a gateway group identifier for a carrier gateway 
that is associated with the mobile device request (Column 4, lines 
32-65; Column 9, line 43 to Column 10, line 27; and Column 13, 
line 64 to Column 15, line 6); 

Sending at least one device signature to the mobile device 
based on at least one level of trust determined from a plurality of 
different levels of trust that is determined, in part, using the 
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associated information (Column 7, line 42 to Column 8, line 23; and 
Column 9, line 43 to Column 10, line 27), wherein the at least one 
level of trust is based on: 

If a trusted mobile device identifier associated with the 
mobile device is received, then determining at least a first level of 
trust associated with the mobile device (Column 9, line 43 to 
Column 10, line 27; and Column 13, line 64 to Column 15, line 6); 
and 

Determining another level of trust associated with the mobile 
device, and wherein the at least one device signature is determined 
independent of user authentication (Column 5, line 58 to Column 6, 
line 13; and Column 7, line 42 to Column 8, line 23); 

But does not appear to explicitly disclose determining if the 
mobile device is enabled with a defined operational capability and 
determining if the gateway is trustable based on the gateway group 
identifier above a threshold. 

Kou, however, discloses determining if the mobile device is 
enabled with a defined operational capability and if the mobile 
device is so enabled, then determining another level of trust 
associated with the mobile device, wherein the other level of trust is 
determined based on at least one of a determination that the mobile 
device is enabled to accept a cookie and a determination that the 
mobile device is enabled to interact with a URL (Column 9, lines 
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23-42; and Column 15, lines 40-54). It would have been obvious to 
one of ordinary skill in the art at the time of applicant's invention to 
incorporate the secure session management techniques of Kou into 
the mobile authentication system of Aura in order to allow the 
system to enforce certain security restrictions, such as forcing 
clients to use a secure protocol, such as HTTPS, in order to access 
certain information, thereby ensuring security of the information that 
is to be protected. 

Buhle, however, discloses receiving a gateway group 
identifier for a gateway that is associated with the mobile device 
request; using the gateway group identifier to determine if the 
gateway is trustable above a threshold; and determining levels of 
trust based on both a device ID and whether the gateway is 
trustable above a defined level (Column 5, line 25 to Column 6, line 
25; Column 6, lines 61-67; and Column 8, lines 20-52). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the authentication and 
authorization system of Buhle into the mobile authentication system 
of Aura as modified by Kou in order to provide a highly dynamic 
system of roles and permissions such that a device connecting 
directly to a data server will have one set of roles/permissions and 
when the device connects through certain middle-tier servers, the 
roles and permissions change based on each server through which 
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the connection is made, thereby providing a high degree of 
security, auditing, and dynamic system behavior based upon how 
the user connects to the system. 

Regarding Claim 42, 

Aura as modified by Kou and Buhle discloses the computer 
readable storage medium of claim 41 , in addition, Aura discloses 
that determining the at least one device signature further comprises 
if the first level of trust is determined, determining a first tier device 
signature based, in part, on a hash of at least one of a subscription 
identifier, the gateway group identifier, a user agent identifier, and a 
time stamp (Column 9, line 43 to Column 10, line 27; and Column 
13, line 64 to Column 15, line 6). 

Regarding Claim 43, 

Aura as modified by Kou and Buhle discloses the computer 
readable storage medium of claim 41 , in addition, Aura discloses 
that determining the at least one device signature further comprises 
if the other level of trust is determined, determining another device 
signature based, in part, on a hash of at least one of a cookie, the 
gateway group identifier, a user agent identifier, and a time stamp 
(Column 9, line 43 to Column 10, line 27; and Column 13, line 64 to 
Column 15, line 6). 

Regarding Claim 44, 
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Aura as modified by Kou and Buhle discloses the computer 
readable storage medium of claim 41 , in addition, Aura discloses 
that determining the at least one device signature further comprises 
if the other level of trust is determined, determining another device 
signature based, in part, on a hash of at least one of the gateway 
group identifier, a user agent identifier, a server identifier, a process 
identifier, a random number, and a time (Column 9, line 43 to 
Column 10, line 27; and Column 13, line 64 to Column 15, line 6) 
Regarding Claim 45, 

Aura discloses an apparatus for communicating with a 
mobile device comprising: 

A means for receiving a request from a mobile device, 
wherein the request includes associated information (Column 5, 
line 58 to Column 6, line 13; and Column 7, line 42 to Column 8, 
line 23); 

Means for receiving a gateway group identifier associated 
with a carrier gateway for the request from the mobile device 
(Column 4, lines 32-65; Column 9, line 43 to Column 10, line 27; 
and Column 13, line 64 to Column 15, line 6); 

A means for automatically determining a plurality of different 
levels of trust based, in part, on the associated information (Column 
5, line 58 to Column 6, line 13; and Column 7, line 42 to Column 8, 
line 23); and 



Application/Control Number: 10/767,004 Page 
Art Unit: 2437 

A means for determining a plurality of different device 
signatures for the mobile deice based, in part, on the determined 
plurality of different levels of trust, and independent of user 
authentication (Column 7, line 42 to Column 8, line 23; and Column 
9, line 43 to Column 10, line 27); 

But does not appear to explicitly disclose that the associated 
information indicates a capability of the mobile device, that at least 
one of the different levels of trust is based on an operational 
capability of the mobile device, wherein the other level of trust is 
determined based on at least one of a determination that the mobile 
device is enabled to accept a cookie and a determination that the 
mobile device is enabled to interact with a URL, and determining if 
the gateway is trustable above a threshold. 

Kou, however, discloses that the associated information 
indicates a capability of the mobile device and that at least one of 
the different levels of trust is based on an operational capability of 
the mobile device, wherein the other level of trust is determined 
based on at least one of a determination that the mobile device is 
enabled to accept a cookie and a determination that the mobile 
device is enabled to interact with a URL (Column 9, lines 23-42; 
and Column 1 5, lines 40-54). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to 
incorporate the secure session management techniques of Kou into 
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the mobile authentication system of Aura in order to allow the 
system to enforce certain security restrictions, such as forcing 
clients to use a secure protocol, such as HTTPS, in order to access 
certain information, thereby ensuring security of the information that 
is to be protected. 

Buhle, however, discloses means for receiving a gateway 
group identifier associated with a carrier gateway for the request 
from the mobile device; using the gateway group identifier to 
determine if the gateway is trustable above a threshold; and 
determining levels of trust based on both a device ID and whether 
the gateway is trustable above a threshold based on the gateway 
group identifier (Column 5, line 25 to Column 6, line 25; Column 6, 
lines 61-67; and Column 8, lines 20-52). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate the authentication and authorization system 
of Buhle into the mobile authentication system of Aura as modified 
by Kou in order to provide a highly dynamic system of roles and 
permissions such that a device connecting directly to a data server 
will have one set of roles/permissions and when the device 
connects through certain middle-tier servers, the roles and 
permissions change based on each server through which the 
connection is made, thereby providing a high degree of security, 
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auditing, and dynamic system behavior based upon how the user 
connects to the system. 



5. Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Aura in view of Kou and Buhle, further in view of Bryson (U.S. Patent Application 
Publication 2004/0185777). 

Aura as modified by Kou and Buhle does not explicitly disclose that 
the gateway group identifier is obtained from a header of a network packet 
associated with the carrier gateway. 

Bryson, however, discloses that the gateway group identifier is 
obtained from a header of a network packet associated with the carrier 
gateway (Paragraph 91 ). It would have been obvious to one of ordinary 
skill in the art at the time of applicant's invention to incorporate the 
portable wireless gateway system of Bryson into the mobile authentication 
system of Aura as modified by Kou and Buhle in order to allow devices of 
a wide variety of communication protocols to connect to and use the 
system, while allowing for moving access points such that users can 
spontaneously provision connectivity in many locations such as planes, 
trains, ships, and buses without having to preplan for their connectivity 
needs. 



Application/Control Number: 10/767,004 Page 
Art Unit: 2437 

6. Claims 5, 18, 20-22, and 24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Aura in view of Kou and Buhle, further in view of Wilf (U.S. 
Patent 6,496,824). 

Regarding Claim 5, 

Aura as modified by Kou and Buhle discloses the method of 
claim 1, in addition, Aura discloses automatically determining a 
second device signature based on a second level of trust, wherein 
the second device signature comprises a hash of at least a 
gateway group identifier (Column 9, line 43 to Column 10, line 27; 
and Column 13, line 64 to Column 15, line 6); but does not explicitly 
disclose that the signature hash also comprises a cookie and a 
user agent identifier obtainable from the associated information. 

Wilf, however, discloses that the signature hash also 
comprises at least a cookie and a user agent identifier obtainable 
from the associated information (Column 4, lines 5-35). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the session management 
techniques of Wilf into the mobile authentication system of Aura as 
modified by Kou and Buhle in order to provide a stronger signature, 
based upon more client and/or gateway specific information, thus 
increasing security of the signature and making it harder to forge. 
Regarding Claim 18, 
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Aura discloses a client adapted for a mobile device to 
communicate with a server over a network, the client being 
configured to perform actions comprising: 

Sending a request to the server for content, wherein the 
request includes an identifier associated with the device (Column 5, 
line 58 to Column 6, line 13; Column 7, line 42 to Column 8, line 23; 
and Column 13, line 64 to Column 15, line 6); and wherein the 
server also receives a gateway group identifier associated with a 
carrier gateway (Column 4, lines 32-65; Column 9, line 43 to 
Column 10, line 27; and Column 13, line 64 to Column 15, line 6); 

Receiving at least one device signature associated with the 
mobile device, wherein the at least one device signature is based 
on at least one level of trust determined from a plurality of different 
trust levels, and is independent of user authentication (Column 5, 
line 58 to Column 6, line 13; and Column 7, line 42 to Column 8, 
line 23), the at least one level of trust being determined based on: 

Determining at least a default level of trust (Column 3, line 
31 to Column 4, line 1 1 ; Column 7, line 42 to Column 8, line 23; 
and Column 9, lines 4-19); 

If a trusted mobile device identifier associated with the 
mobile device is received, then determining at least a first level of 
trust associated with the mobile device (Column 9, line 43 to 
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Column 10, line 27; and Column 13, line 64 to Column 15, line 6); 
and 

If the mobile device is enabled to access the Internet, then 
determining at least a third level of trust associated with the mobile 
device (Column 3, line 31 to Column 4, line 1 1 ; Column 7, line 42 to 
Column 8, line 23; and Column 9, lines 4-19); and 

But does not appear to explicitly disclose determining if the 
mobile device is enabled to accept a cookie, determining if the 
mobile device is enabled to interact with a URL; that the identifier 
associated with the device comprises an identifier associated with a 
user agent, and determining if the gateway is trustable based on 
the gateway group identifier. 

Kou, however, discloses determining if the mobile device is 
enabled to accept a cookie, and if the mobile device is enabled to 
accept a cookie, then determining at least a second level of trust 
associated with the mobile device (Column 9, lines 23-42); and 

Determining if the mobile device is enabled to interact with a 
URL, and if the mobile device is enabled to interact with a URL, 
then determining at least a third level of trust associated with the 
mobile device (Column 9, lines 23-42; and Column 15, lines 40-54). 
It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the secure session 
management techniques of Kou into the mobile authentication 
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system of Aura in order to allow the system to enforce certain 
security restrictions, such as forcing clients to use a secure 
protocol, such as HTTPS, in order to access certain information, 
thereby ensuring security of the information that is to be protected. 

Buhle, however, discloses that a gateway associated with 
the request further provides a gateway group identifier; determining 
if the gateway is trustable based on the gateway group identifier;; 
and determining levels of trust based on both a device ID and 
whether the gateway is trustable (Column 5, line 25 to Column 6, 
line 25; Column 6, lines 61-67; and Column 8, lines 20-52). It 
would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the authentication and 
authorization system of Buhle into the mobile authentication system 
of Aura as modified by Kou in order to provide a highly dynamic 
system of roles and permissions such that a device connecting 
directly to a data server will have one set of roles/permissions and 
when the device connects through certain middle-tier servers, the 
roles and permissions change based on each server through which 
the connection is made, thereby providing a high degree of 
security, auditing, and dynamic system behavior based upon how 
the user connects to the system. 

Wilf, however, discloses that the identifier associated with 
the device comprises an identifier associated with a user agent 
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(Column 4, lines 5-35). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to 
incorporate the session management techniques of Wilf into the 
mobile authentication system of Aura as modified by Kou and Buhle 
in order to provide a stronger signature, based upon more client 
and/or gateway specific information, thus increasing security of the 
signature and making it harder to forge. 

Regarding Claim 20, 

Aura as modified by Kou, Buhle, and Wilf discloses the client 
of claim 18, in addition, Aura discloses that receiving the at least 
one device signature further comprises if the at least one device 
signature is based on the first level of trust, receiving a first tier 
device signature based, in part, on a hash of at least one of a 
subscription identifier, the gateway group identifier, the user agent 
identifier, and a time stamp (Column 9, line 43 to Column 10, line 
27; and Column 13, line 64 to Column 15, line 6). 

Regarding Claim 21, 

Aura as modified by Kou, Buhle, and Wilf discloses the client 
of claim 18, in addition, Aura discloses that receiving the at least 
one device signature further comprises if the at least one device 
signature is based on the second level of trust, receiving a second 
tier device signature based, in part, on a hash of at least one of a 
cookie, the gateway group identifier, the user gent identifier, and a 
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time stamp (Column 9, line 43 to Column 10, line 27; and Column 
13, line 64 to Column 15, line 6). 

Regarding Claim 22, 

Aura as modified by Kou, Buhle, and Wilf discloses the client 
of claim 18, in addition, Aura discloses that receiving the at least 
one device signature further comprises if the at least one device 
signature is based on the third level of trust, receiving a third tier 
device signature based, in part, on a hash of at least one of the 
gateway group identifier, a user agent identifier, a server identifier, 
a process identifier, a random number, and a time stamp (Column 
9, line 43 to Column 10, line 27; and Column 13, line 64 to Column 
15, line 6). 

Regarding Claim 24, 

Aura as modified by Kou, Buhle, and Wilf discloses the client 
of claim 18, in addition, Kou discloses that receiving the at least 
one device signature further comprises, if the request indicates the 
mobile device is enabled to accept a cookie, associating the cookie 
with the at least one device signature (Column 8, lines 26-53; and 
Column 9, lines 6-42); and Wilf discloses associating the cookie 
with the at least one device signature (Column 4, lines 5-35). 
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7. Claims 6, 7, 16, 17, 31, and 34 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Aura in view of Kou and Buhle, further in view of Laraki 
(U.S. Patent Application Publication 2003/0233329). 
Regarding Claim 6, 

Aura as modified by Kou and Buhle does not explicitly 
disclose that the associated information further comprises a 
subscription identifier associated with the mobile device that is 
based on at least one of a MIN, ESN, and application serial 
number. 

Laraki, however, discloses that the associated information 
further comprises a subscription identifier associated with the 
mobile device that is based on at least one of a MIN, ESN, and 
application serial number (Paragraph 53). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate the mobile subscription services of Laraki 
into the mobile authentication system of Aura as modified by Kou 
and Buhle in order to efficiently provide mobile users with access to 
content based upon subscriptions and affiliations in which a user 
will not be charged twice for content that was previously paid for, 
but could not be downloaded prior to expiration of the subscription 
and is downloaded after expiration, thus improving reliability of the 
system. 
Regarding Claim 7, 
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Aura as modified by Kou and Buhle discloses the method of 
claim 1, in addition, Aura discloses determining the level of trust of 
the mobile device identifier and trusting the mobile device if the 
identifier is so trusted (Column 9, line 43 to Column 10, line 27; and 
Column 13, line 64 to Column 15, line 6); and Buhle discloses 
determining a level of trust of the carrier gateway associated with 
the mobile device based on a received device identifier and the 
gateway group identifier (Column 5, line 25 to Column 6, line 25; 
Column 6, lines 61-67; and Column 8, lines 20-52); 

But does not appear to explicitly disclose using a received 
subscription identifier in the determining of a level of trust, trusting 
the mobile device identifier based on such carrier trust, and 
inhibiting the determination of a level of trust associated with the 
device if the mobile device identifier is not trusted in this manner. 

Laraki, however, discloses determining a level of trust of a 
carrier associated with the mobile device based on at least one of a 
received subscription identifier and a gateway group identifier, 
trusting the mobile device identifier based on such carrier trust, and 
inhibiting the determination of a level of trust associated with the 
device if the mobile device identifier is not trusted in this manner 
(Paragraphs 33-37 and 46-72). It would have been obvious to one 
of ordinary skill in the art at the time of applicant's invention to 
incorporate the mobile subscription services of Laraki into the 
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mobile authentication system of Aura as modified by Kou and Buhle 
in order to efficiently provide mobile users with access to content 
based upon subscriptions and affiliations in which a user will not be 
charged twice for content that was previously paid for, but could not 
be downloaded prior to expiration of the subscription and is 
downloaded after expiration, thus improving reliability of the 
system. 
Regarding Claim 16, 

Aura as modified by Kou and Buhle does not explicitly 
disclose if the at least one device signature has expired, 
determining if the expired device signature is to be rolled over, and 
if the expired device signature is to be rolled over, extending a 
validity period associated with the expired device signature. 

Laraki, however, discloses if the at least one device 
signature has expired, determining if the expired device signature is 
to be rolled over, and if the expired device signature is to be rolled 
over, extending a validity period associated with the expired device 
signature (Paragraphs 45 and 66). It would have been obvious to 
one of ordinary skill in the art at the time of applicant's invention to 
incorporate the mobile subscription services of Laraki into the 
mobile authentication system of Aura as modified by Kou and Buhle 
in order to efficiently provide mobile users with access to content 
based upon subscriptions and affiliations in which a user will not be 
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charged twice for content that was previously paid for, but could not 
be downloaded prior to expiration of the subscription and is 
downloaded after expiration, thus improving reliability of the 
system. 
Regarding Claim 17, 

Aura as modified by Kou, Buhle, and Laraki discloses the 
method of claim 16, in addition, Laraki discloses that determining if 
the expired device signature is to be rolled over further comprises 
evaluating at least one of a condition, event, change in an identifier 
indicating a grouping of the gateway, and a time (Paragraphs 45 
and 66). 
Regarding Claim 31 , 

Aura as modified by Kou and Buhle discloses the server of 
claim 26, in addition, Aura discloses that determining the at least 
one level of trust further comprises determining the first level of 
trust based at least one of a gateway group identifier, a subscription 
identifier, a user agent, and a security level associated with the 
request from the mobile device (Column 9, line 43 to Column 10, 
line 27; and Column 13, line 64 to Column 15, line 6); 

But does not appear to explicitly disclose using such 
information to determine if the mobile device identifier is trusted. 

Laraki, however, discloses using such information to 
determine if the mobile device identifier is trusted (Paragraphs 33- 
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37 and 46-72). It would have been obvious to one of ordinary skill 
in the art at the time of applicant's invention to incorporate the 
mobile subscription services of Laraki into the mobile authentication 
system of Aura as modified by Kou and Buhle in order to efficiently 
provide mobile users with access to content based upon 
subscriptions and affiliations in which a user will not be charged 
twice for content that was previously paid for, but could not be 
downloaded prior to expiration of the subscription and is 
downloaded after expiration, thus improving reliability of the 
system. 
Regarding Claim 34, 

Aura as modified by Kou and Buhle discloses the server of 
claim 26, in addition, Aura discloses determining if at least one 
device signature has expired (Column 13, line 64 to Column 15, 
line 6); but does not explicitly disclose extending a validity period 
associated with the expired device signature is the expired device 
signature is to be rolled over. 

Laraki, however, discloses determining if at least one device 
signature has expired and extending a validity period associated 
with the expired device signature is the expired device signature is 
to be rolled over (Paragraphs 45 and 66). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate the mobile subscription services of Laraki 
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into the mobile authentication system of Aura as modified by Kou 
and Buhle in order to efficiently provide mobile users with access to 
content based upon subscriptions and affiliations in which a user 
will not be charged twice for content that was previously paid for, 
but could not be downloaded prior to expiration of the subscription 
and is downloaded after expiration, thus improving reliability of the 
system. 

8. Claims 13 and 39 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Aura in view of Kou and Buhle, further in view of Kindberg 
(U.S. Patent Application Publication 2003/0061515). 
Regarding Claim 13, 

Aura as modified by Kou and Buhle does not explicitly 
disclose including a device signature in a munged URL. 

Kindberg, however, discloses including a device signature in 
a munged URL (Paragraphs 39 and 43-50). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate the capability-enabled URL of Kindberg into 
the mobile authentication system of Aura as modified by Kou and 
Buhle in order to provide a simple mechanism by which a client can 
prove authorized access to resources via use of a modified URL 
including a signature corresponding to a particular capability. 
Regarding Claim 39, 
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Aura as modified by Kou and Buhle does not explicitly 
disclose providing a signature to the mobile device through a 
munged URL. 

Kindberg, however, discloses providing a signature to the 
mobile device through a munged URL (Paragraphs 39 and 43-50). 
It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the capability-enabled 
URL of Kindberg into the mobile authentication system of Aura as 
modified by Kou and Buhle in order to provide a simple mechanism 
by which a client can prove authorized access to resources via use 
of a modified URL including a signature corresponding to a 
particular capability. 



9. Claims 19 and 23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Aura in view of Kou, Buhle, and Wilf, further in view of Laraki. 
Regarding Claim 19, 

Aura as modified by Kou, Buhle, and Wilf does not explicitly 
disclose providing the mobile device identifier based on at least one 
of a MIN, an ESN, and an application serial number. 

Laraki, however, discloses providing the mobile device 
identifier based on at least one of a MIN, an ESN, and an 
application serial number (Paragraph 53). It would have been 
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obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate the mobile subscription services of Laraki 
into the mobile authentication system of Aura as modified by Kou, 
Buhle, and Wilf in order to efficiently provide mobile users with 
access to content based upon subscriptions and affiliations in which 
a user will not be charged twice for content that was previously paid 
for, but could not be downloaded prior to expiration of the 
subscription and is downloaded after expiration, thus improving 
reliability of the system. 
Regarding Claim 23, 

Aura as modified by Kou, Buhle, and Wilf discloses the client 
of claim 18, in addition, Aura discloses data in the form of at least 
one device signature (Column 5, line 58 to Column 6, line 13; and 
Column 7, line 42 to Column 8, line 23); but does not appear to 
explicitly disclose that sending the request further comprises 
sending the request to a carrier gateway, wherein the carrier 
gateway is configured to perform actions comprising: modifying the 
request to include at least one of a subscription identifier 
associated with the mobile device and a gateway identifier; 
forwarding the modified request to the server; receiving data from 
the server; and forwarding the data to the mobile device. 

Laraki, however, discloses that sending the request further 
comprises sending the request to a carrier gateway, wherein the 



Application/Control Number: 10/767,004 Page 43 

Art Unit: 2437 

carrier gateway is configured to perform actions comprising: 
modifying the request to include at least one of a subscription 
identifier associated with the mobile device and a gateway 
identifier; forwarding the modified request to the server; receiving 
data from the server; and forwarding the data to the mobile device 
(Paragraphs 33-37 and 46-48). It would have been obvious to one 
of ordinary skill in the art at the time of applicant's invention to 
incorporate the mobile subscription services of Laraki into the 
mobile authentication system of Aura as modified by Kou, Buhle, 
and Wilf in order to efficiently provide mobile users with access to 
content based upon subscriptions and affiliations in which a user 
will not be charged twice for content that was previously paid for, 
but could not be downloaded prior to expiration of the subscription 
and is downloaded after expiration, thus improving reliability of the 
system. 



10. Claim 25 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Aura in view of Kou, Buhle, and Wilf, further in view of Kindberg. 

Aura as modified by Kou, Buhle, and Wilf does not explicitly 

disclose receiving a munged URL associated with at least one device 

signature. 

Kindberg, however, discloses receiving a munged URL associated 
with at least one device signature (Paragraphs 39 and 43-50). It would 
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have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the capability-enabled URL of 
Kindberg into the mobile authentication system of Aura as modified by 
Kou, Buhle, and Wilf in order to provide a simple mechanism by which a 
client can prove authorized access to resources via use of a modified URL 
including a signature corresponding to a particular capability. 



Conclusion 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to JEFFREY D. POPHAM whose telephone 
number is (571 )272-721 5. The examiner can normally be reached on M-F 9:00- 
5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Emmanuel Moise can be reached on (571)272-3865. The 
fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786- 
9199 (IN USA OR CANADA) or 571-272-1000. 

Jeffrey D Popham 

Examiner 

Art Unit 2437 

/Jeffrey D Popham/ 
Examiner, Art Unit 2437 

/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2437 



